package com.zqp.security.browser;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.social.security.SpringSocialConfigurer;

import com.zqp.security.browser.session.ZqpExpireSessionStrategy;
import com.zqp.security.core.authentication.AbstractChannelSecurityConfig;
import com.zqp.security.core.authentication.mobile.SmsCodeAuthenticationSecurityConfig;
import com.zqp.security.core.properties.SecurityConstants;
import com.zqp.security.core.properties.SecurityProperties;
import com.zqp.security.core.validator.code.ValidateCodeSecurityConfig;

/**
 * @author zqp
 * @date 2017年12月20日
 * @description
 */
@Configuration
public class BrowserSecurityConfig extends AbstractChannelSecurityConfig {

	@Autowired
	private SecurityProperties securityProperties;

	/**
	 * 验证码过滤器
	 */
	@Autowired
	private ValidateCodeSecurityConfig validateCodeSecurityConfig;

	@Autowired
	private UserDetailsService userDetailsService;

	@Autowired
	public DataSource dataSource;

	@Autowired
	private SpringSocialConfigurer socialConfig;

	/**
	 * 短信验证码的配置
	 */
	@Autowired
	private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
	
	/**
	 * session 配置项
	 */
	@Autowired
	private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;
	
	@Autowired
	private InvalidSessionStrategy invalidSessionStrategy;
	

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		applyPasswordAuthenticationConfig(http);// ->密码登录的

		http.apply(validateCodeSecurityConfig).and()// ->验证码过滤器
				.apply(smsCodeAuthenticationSecurityConfig).and()// ->短信验证码
				.apply(socialConfig).and()// -->第三方
				// 在前面加一个过滤器
				.rememberMe().tokenRepository(persistentTokenRepository())
				.tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
				.userDetailsService(userDetailsService)
				.and()
				.sessionManagement()
				.invalidSessionStrategy(invalidSessionStrategy)
				.maximumSessions(securityProperties.getBrowser().getSession().getMaximumSessions())//并发数
				.maxSessionsPreventsLogin(securityProperties.getBrowser().getSession().isMaxSessionsPreventsLogin())//阻止别的人登录
				.expiredSessionStrategy(sessionInformationExpiredStrategy)
				.and()
				.and().authorizeRequests()
				.antMatchers(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL,
						SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_MOBILE,
						securityProperties.getBrowser().getLoginPage(),
						SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX + "/*",
						securityProperties.getBrowser().getSignUpUrl(),
						"/user/regist",SecurityConstants.DEFAULT_SESSION_INVALID_URL)
				.permitAll()
				.anyRequest()
				.authenticated()
				.and()
				.csrf().disable();

	}


	/**
	 * 记住我功能需要的
	 * 
	 * @return
	 */
	@Bean
	public PersistentTokenRepository persistentTokenRepository() {
		JdbcTokenRepositoryImpl tokenRepositoryImpl = new JdbcTokenRepositoryImpl();
		System.out.println(dataSource.toString());
		tokenRepositoryImpl.setDataSource(dataSource);
		// tokenRepositoryImpl.setCreateTableOnStartup(true);//启动的时候创建
		return tokenRepositoryImpl;
	}
}
